allow moderated comments like wordpress if permissions are compatible

7 files changed, 123 insertions, 10 deletions

diff --git a/Zotlabs/Access/PermissionLimits.php b/Zotlabs/Access/PermissionLimits.php
index 909b654d5..8caeedb91 100644
--- a/Zotlabs/Access/PermissionLimits.php
+++ b/Zotlabs/Access/PermissionLimits.php
@@ -10,7 +10,7 @@ class PermissionLimits {
 		$perms = Permissions::Perms();
 		$limits = array();
 		foreach($perms as $k => $v) {
-			if(strstr($k,'view'))
+			if(strstr($k,'view') || $k === 'post_comments')
 				$limits[$k] = PERMS_PUBLIC;
 			else
 				$limits[$k] = PERMS_SPECIFIC;
diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php
index a10675a87..114021568 100644
--- a/Zotlabs/Lib/Enotify.php
+++ b/Zotlabs/Lib/Enotify.php
@@ -170,6 +170,7 @@ class Enotify {
 
 		xchan_query($p);
 
+		$moderated = (($p[0]['item_blocked'] = ITEM_MODERATED) ? true : false);
 
 		$item_post_type = item_post_type($p[0]);
 //		$private = $p[0]['item_private'];
@@ -208,13 +209,21 @@ class Enotify {
 		// Before this we have the name of the replier on the subject rendering 
 		// differents subjects for messages on the same thread.
 
-		$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
+		if($moderated)
+			$subject = sprintf( t('[$Projectname:Notify] Moderated Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
+		else
+			$subject = sprintf( t('[$Projectname:Notify] Comment to conversation #%1$d by %2$s'), $parent_id, $sender['xchan_name']);
 		$preamble = sprintf( t('%1$s, %2$s commented on an item/conversation you have been following.'), $recip['channel_name'], $sender['xchan_name']); 
 		$epreamble = $dest_str; 
 
 		$sitelink = t('Please visit %s to view and/or reply to the conversation.');
 		$tsitelink = sprintf( $sitelink, $siteurl );
 		$hsitelink = sprintf( $sitelink, '<a href="' . $siteurl . '">' . $sitename . '</a>');
+		if($moderated) {
+			$tsitelink .= "\n\n" . sprintf( t('Please visit %s to approve or reject this comment.'), z_root() . '/moderate' );
+			$hsitelink .= "\n\n" . sprintf( t('Please visit %s to approve or reject this comment.'), z_root() . '/moderate' );
+		}
+		
 	}
 
 	if ($params['type'] == NOTIFY_LIKE) {
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php
index 5910ea672..5bb5982f8 100644
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -743,8 +743,12 @@ class ThreadItem {
 			'$feature_encrypt' => ((feature_enabled($conv->get_profile_owner(),'content_encrypt')) ? true : false),
 			'$encrypt' => t('Encrypt text'),
 			'$cipher' => $conv->get_cipher(),
-			'$sourceapp' => \App::$sourcename
-
+			'$sourceapp' => \App::$sourcename,
+			'$observer' => get_observer_hash(),
+			'$anoncomments' => perm_is_allowed($conv->get_profile_owner(),'','post_comments'),
+			'$anonname' => [ 'anonname', t('Your full name (required)'),'','' ],
+			'$anonmail' => [ 'anonmail', t('Your email address (required)'),'','' ],
+			'$anonurl'  => [ 'anonurl',  t('Your website URL (optional)'),'','' ]
 		));
 
 		return $comment_box;
diff --git a/Zotlabs/Lib/ThreadStream.php b/Zotlabs/Lib/ThreadStream.php
index beb626f31..1fd746c38 100644
--- a/Zotlabs/Lib/ThreadStream.php
+++ b/Zotlabs/Lib/ThreadStream.php
@@ -158,7 +158,7 @@ class ThreadStream {
 			if(intval($item->get_data_value('item_nocomment'))) {
 				$item->set_commentable(false);
 			}
-			elseif(($this->observer) && (! $item->is_commentable())) {
+			elseif(! $item->is_commentable()) {
 				if((array_key_exists('owner',$item->data)) && intval($item->data['owner']['abook_self']))
 					$item->set_commentable(perm_is_allowed($this->profile_owner,$ob_hash,'post_comments'));
 				else
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index ec36c22d8..952ecf487 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -33,7 +33,7 @@ class Item extends \Zotlabs\Web\Controller {
 		// This will change. Figure out who the observer is and whether or not
 		// they have permission to post here. Else ignore the post.
 	
-		if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'commenter')))
+		if((! local_channel()) && (! remote_channel()) && (! x($_REQUEST,'anonname')))
 			return;
 
 		$uid = local_channel();
@@ -77,7 +77,7 @@ class Item extends \Zotlabs\Web\Controller {
 	
 		call_hooks('post_local_start', $_REQUEST);
 	
-	//	 logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
+		// logger('postvars ' . print_r($_REQUEST,true), LOGGER_DATA);
 	
 		$api_source = ((x($_REQUEST,'api_source') && $_REQUEST['api_source']) ? true : false);
 	
@@ -205,10 +205,29 @@ class Item extends \Zotlabs\Web\Controller {
 			$route = $parent_item['route'];
 	
 		}
+
+		$moderated = false;
 	
-		if(! $observer)
+		if(! $observer) {
 			$observer = \App::get_observer();
+			if(! $observer) {
+				$observer = anon_identity_init($_REQUEST);
+				if($observer) {
+					$moderated = true;
+					$remote_xchan = $remote_observer = $observer;
+				}
+			}
+		} 			
 	
+		if(! $observer) {
+			notice( t('Permission denied.') . EOL) ;
+			if($api_source)
+				return ( [ 'success' => false, 'message' => 'permission denied' ] );	
+			if(x($_REQUEST,'return')) 
+				goaway(z_root() . "/" . $return_path );
+			killme();
+		}
+
 		if($parent) {
 			logger('mod_item: item_post parent=' . $parent);
 			$can_comment = false;
@@ -312,7 +331,7 @@ class Item extends \Zotlabs\Web\Controller {
 		$walltowall = false;
 		$walltowall_comment = false;
 	
-		if($remote_xchan)
+		if($remote_xchan && ! $moderated)
 			$observer = $remote_observer;
 	
 		if($observer) {
@@ -996,6 +1015,10 @@ class Item extends \Zotlabs\Web\Controller {
 			\Zotlabs\Daemon\Master::Summon(array('Notifier', $notify_type, $post_id));
 	
 		logger('post_complete');
+
+		if($moderated) {
+			info(t('Your comment is awaiting approval.') . EOL);
+		}
 	
 		// figure out how to return, depending on from whence we came
 	
diff --git a/Zotlabs/Module/Moderate.php b/Zotlabs/Module/Moderate.php
new file mode 100644
index 000000000..b7f05e4b2
--- /dev/null
+++ b/Zotlabs/Module/Moderate.php
@@ -0,0 +1,77 @@
+<?php
+
+namespace Zotlabs\Module;
+
+require_once('include/conversation.php');
+
+
+class Moderate extends \Zotlabs\Web\Controller {
+
+
+	function get() {
+		if(! local_channel()) {
+			notice( t('Permission denied.') . EOL);
+			return;
+		}
+
+
+		if(argc() > 2) {
+			$post_id = intval(argv(1));
+			if(! $post_id)
+				goaway(z_root() . '/moderate');
+
+			$action = argv(2);
+
+			$r = q("select * from item where uid = %d and id = %d and item_blocked = %d limit 1",
+				intval(local_channel()),
+				intval($post_id),
+				intval(ITEM_MODERATED)
+			);
+
+
+
+			if($r) {
+				if($action === 'approve') {
+					q("update item set item_blocked = 0 where uid = %d and id = %d",
+						intval(local_channel()),
+						intval($post_id)
+					);
+					notice( t('Comment approved') . EOL);
+				}
+				elseif($action === 'drop') {
+					drop_item($post_id,false);
+					notice( t('Comment deleted') . EOL);
+				} 
+			}
+
+			$r = q("select * from item where id = %d",
+				intval($post_id)
+			);
+			if($r) {
+				xchan_query($r);
+				$sync_item = fetch_post_tags($r);
+				build_sync_packet(local_channel(),array('item' => array(encode_item($sync_item[0],true))));
+			}
+			goaway(z_root() . '/moderate');
+		}
+
+		$r = q("select item.id as item_id, item.* from item where item.uid = %d and item_blocked = %d and item_deleted = 0 order by created desc limit 60",
+			intval(local_channel()),
+			intval(ITEM_MODERATED)
+		);
+
+		if($r) {
+			xchan_query($r);
+			$items = fetch_post_tags($r,true);
+		}
+		else {
+			$items = array();
+		}
+
+		$o = conversation($a,$items,'moderate',false,'traditional');
+
+		return $o;
+
+	}
+
+}
\ No newline at end of file
diff --git a/Zotlabs/Module/Settings/Channel.php b/Zotlabs/Module/Settings/Channel.php
index 56a7d0d8e..12ad25d51 100644
--- a/Zotlabs/Module/Settings/Channel.php
+++ b/Zotlabs/Module/Settings/Channel.php
@@ -324,7 +324,7 @@ class Channel {
 		foreach($global_perms as $k => $perm) {
 			$options = array();
 			foreach($perm_opts as $opt) {
-				if((! strstr($k,'view')) && $opt[1] == PERMS_PUBLIC)
+				if(((! strstr($k,'view')) && $k !== 'post_comments') && $opt[1] == PERMS_PUBLIC)
 					continue;
 				$options[$opt[1]] = $opt[0];
 			}